[pass] reencryption: only happens when required now

Jason A. Donenfeld Jason at zx2c4.com
Tue Apr 22 20:35:13 CEST 2014


On Tue, Apr 22, 2014 at 7:47 PM, Brian Shore <brian at networkredux.com> wrote:
>
> This will probably work for everyone but me.  I use GPG's throw-keyids
> directive, so when you try to fetch the "current" keys from a given
> encrypted file, they all show up as all zeros.
>

zx2c4@thinkpad ~ $ echo blah > blah
zx2c4@thinkpad ~ $ gpg -r jason@zx2c4.com --throw-keyids -e blah
zx2c4@thinkpad ~ $ gpg -v --list-only --keyid-format long blah.gpg
gpg: public key is 00000000


Seems to work just fine with throw-keyids. The list function will just
return all zeros, as expected, in which case, pass will be inclined to
reencrypt always, which is what you want anyway when using throw-keyids.
Were we to try to determine which key these files actually use, we'd incur
the same overhead as going ahead and fully decrypting anyway, so
reencrypting always isn't much less efficient than a theoretical best case
for throw-keyids. So no need to maintain your own branch or git-stash.
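
The decision described in the reply above, as an added example that is not part of the original message and is not pass's own code: compare the key IDs gpg lists for a file with the intended recipients, and treat an all-zero ID as "unknown, reencrypt". The function names and key IDs are constructed, and the listing format is assumed to match the `gpg: public key is` line shown in the message.

```shell
#!/bin/sh
# Constructed sample listings in the format shown in the message above.
KEY_A=AAAA1111BBBB2222   # constructed key ID
KEY_B=CCCC3333DDDD4444   # constructed key ID
NAMED="gpg: public key is $KEY_A"
THROWN="gpg: public key is 00000000"

# Read `gpg -v --list-only --keyid-format long FILE` text on stdin and
# print the recipient key IDs it names, upper-cased, sorted, de-duplicated.
listed_keys() {
    sed -n 's/^gpg: public key is \([0-9A-Fa-f]\{1,\}\)$/\1/p' |
        tr 'a-f' 'A-F' | sort -u
}

# needs_reencrypt LISTING WANTED_KEYID...
# Exit status 0 means "reencrypt", 1 means "recipients already match".
needs_reencrypt() {
    _cur=$(printf '%s\n' "$1" | listed_keys)
    shift
    _want=$(printf '%s\n' "$@" | tr 'a-f' 'A-F' | sort -u)
    # No ID listed, or an all-zero ID (--throw-keyids): recipients unknown.
    if [ -z "$_cur" ] || printf '%s\n' "$_cur" | grep -Eq '^0+$'; then
        return 0
    fi
    # Otherwise reencrypt only when the two sets of key IDs differ.
    [ "$_cur" != "$_want" ]
}

# Print the decision for one listing and one set of wanted recipients.
report() {
    if needs_reencrypt "$@"; then echo "reencrypt"; else echo "skip"; fi
}
report "$NAMED" "$KEY_A"
report "$NAMED" "$KEY_A" "$KEY_B"
report "$THROWN" "$KEY_A"
```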